Mercurial > prosody-modules

view mod_warn_legacy_tls/mod_warn_legacy_tls.lua @ 5468:14b5446e22e1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Fix returning errors from response handlers This would either redirect the user back to the client along with the error code, or show the error HTML template. Previously this would just show some JSON to the user.
author Kim Alvefur <zash@zash.se>
date Thu, 18 May 2023 12:57:23 +0200
parents 406b32b50457
children
line wrap: on
line source

local st = require"util.stanza";
local host = module.host;

local deprecated_protocols = module:get_option_set("legacy_tls_versions", { "SSLv3", "TLSv1", "TLSv1.1" });
local warning_message = module:get_option_string("legacy_tls_warning", "Your connection is encrypted using the %s protocol, which has known problems and will be disabled soon.  Please upgrade your client.");

module:hook("resource-bind", function (event)
	local session = event.session;
	module:log("debug", "mod_%s sees that %s logged in", module.name, session.username);

	local ok, protocol = pcall(function(session)
		return session.conn:socket():info"protocol";
	end, session);
	if not ok then
		module:log("debug", "Could not determine TLS version: %s", protocol);
	elseif deprecated_protocols:contains(protocol) then
		session.log("warn", "Uses %s", protocol);
		module:add_timer(15, function ()
			if session.type == "c2s" and session.resource then
				session.send(st.message({ from = host, type = "headline", to = session.full_jid }, warning_message:format(protocol)));
			end
		end);
	else
		module:log("debug", "Using acceptable TLS version: %s", protocol);
	end
end);